From 2023cc46550509b2c076e8c310a1d32addfe5277 Mon Sep 17 00:00:00 2001
From: Hannes Mehnert
Date: Fri, 11 Nov 2022 15:12:30 +0100
Subject: [PATCH] changes for 0.8.3, and checksum updates

---
 CHANGES.md | 20 ++++++++++++++++++++
 Dockerfile | 2 +-
 build-with-docker.sh | 2 +-
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 6143c5c..5550cdc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,23 @@
+### 0.8.3 (2022-11-11)
+
+- Fix "DNS issues", a firewall ruleset with a domain name lead to 100% CPU usage
+ (reported by fiftyfourthparallel on
+ https://forum.qubes-os.org/t/mirage-firewall-0-8-2-broken-new-users-should-install-0-8-1/14566,
+ re-reported by @palainp in #158, fixed by @hannesm in mirage/mirage-nat#48
+ (release 3.0.1)) - underlying issue was a wrong definition of `is_port_free`
+ (since 3.0.0, used since mirage-qubes-firewall 0.8.2).
+- Fix "crash on downstream vm start", after more than 64 client VMs have been
+ connected and disconnected with the qubes-mirage-firewall (reported by @xaki23
+ in #155, fixed by @hannesm in #161) - underlying issue was a leak of xenstore
+ watchers and a hard limit in xen on the amount of watchers
+- Fix "detach netvm fails" (reported by @rootnoob in #157, fixed by @palainp
+ in mirage/mirage-net-xen#105 (release 2.1.2)) - underlying issue was that the
+ network interface state was never set to closed, but directly removed
+- Fix potential DoS in handling DNS replies (#162 @hannesm)
+- Avoid potential forever loop in My_nat.free_udp_port (#159 @hannesm)
+- Assorted code removals (#161 @hannesm)
+- Update to dns 6.4.0 changes (#154, @hannesm)
+
 ### 0.8.2 (2022-10-12)
 
 - Advise to use 32 MB memory, which is sufficient (#150, @palainp)
diff --git a/Dockerfile b/Dockerfile
index 58cdeae..ac2ba7c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@ RUN sudo ln -sf /usr/bin/opam-2.1 /usr/bin/opam
 # Pin last known-good version for reproducible builds.
 # Remove this line (and the base image pin above) if you want to test with the
 # latest versions.
-RUN cd /home/opam/opam-repository && git fetch origin master && git reset --hard 7b89f6e5c24cf4076252e71abcbbe4d205705627 && opam update
+RUN cd /home/opam/opam-repository && git fetch origin master && git reset --hard 685eb4efcebfa671660e55d76dea017f00fed4d9 && opam update
 RUN opam install -y mirage opam-monorepo
 RUN mkdir /home/opam/qubes-mirage-firewall
diff --git a/build-with-docker.sh b/build-with-docker.sh
index 9a312a2..e3ddce7 100755
--- a/build-with-docker.sh
+++ b/build-with-docker.sh
@@ -5,5 +5,5 @@ docker build -t qubes-mirage-firewall .
 echo Building Firewall...
 docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall
 echo "SHA2 of build: $(sha256sum ./dist/qubes-firewall.xen)"
-echo "SHA2 last known: 88fdd86993dfbd2e2c4a4d502c350bef091d7831405cf983aebe85f936799f2d"
+echo "SHA2 last known: f499b2379c62917ac32854be63f201e6b90466e645e54dea51e376baccdf26ab"
 echo "(hashes should match for released versions)"
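Review bot: In the build-with-docker.sh hunk the updated `SHA2 last known` value is only echoed beside the computed digest, so the script never compares the two; as far as the visible lines show, a build whose hash differs gives no signal beyond two lines a person has to read and compare. Since this digest is the reproducibility check for released images, consider holding it in a variable and testing it, e.g. `[ "$(sha256sum ./dist/qubes-firewall.xen | cut -d' ' -f1)" = "$expected" ] || echo "WARNING: build hash differs from last known release" >&2`. Whether a mismatch should also exit non-zero depends on how non-release builds are meant to behave, since the last line says hashes are only expected to match for released versions. The script begins above this hunk, so any earlier handling is not visible here.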